This course intends to make the student familiar with information security management. When you have finished this course you will know more about:
• Governance, including the mission, roles and responsibilities of the InfoSec governance function, the strategic planning process, and InfoSec's role in the organization's strategic planning effort.
• The various types of InfoSec policies and how effective information security policy is created and used.
• Risk management and the risk management process.
• Certain laws and ethical issues impacting information security in the organization, and some common information security management practices such as benchmarking and performance measures.

Reviews

MT

Great course. Provides a great hands-on insight and experience with Cybersecurity

C

Mar 10, 2017


Great course that provides good insights into the world of CyberSecurity!

From the lesson

Regulatory Compliance, Law and Ethics

In this module you will learn how organizations must manage the complex issues emerging from the rapidly changing legal and regulatory environment. It includes a short overview of the laws and regulations you should plan to learn about, as well as an introduction to how ethics is encountered in the workplace. You will then engage in a discussion of compliance with industry standards and governmental regulation as a means to move closer to a more secure work environment. As part of the ongoing case study you will be asked to advise management on an ethical dilemma currently facing some of the management team at CHI.

Taught by

Dr. Humayun Zafar

Dr. Traci Carte

Herbert J. Mattord, Ph.D., CISM, CISSP, CDP

Associate Professor in Information Security and Assurance

Mr. Andy Green

Lecturer of Information Security and Assurance

Michael Whitman, Ph.D., CISM, CISSP

Professor of Information Security

Transcript

Most security organizations within larger organizations are asked to perform or lead the effort to meet external compliance requirements. These efforts take place within the larger framework of professional ethics and with an understanding of the legal requirements within which the organization operates.

Those employed in the area of cybersecurity are expected to conform to a higher level of ethical and legal performance than other professional fields. Cybersecurity professionals are trusted with the secrets of the organization, specifically information that the organization uses to do its work. This requires a level of trust that far exceeds that of an average employee. As a cybersecurity professional, if the organization can't trust you, then who can they trust? This requires a firm understanding of the ethical, legal, and regulatory environment. Ethics are the generally accepted behaviors of a society. Laws are those ethics that have been formalized so that the state may act on behalf of the people in enforcing desired behavior. Regulations, from our perspective, are those practices that are enforced by agencies of government or other entities that have the ability to force compliance.

There are several key laws that directly affect cybersecurity. The following is a brief overview of the most critical. The Computer Fraud and Abuse Act of 1986 is one of the first federal computer laws, and established definitions and penalties for misuse of computers. The Computer Security Act of 1987 protects federal computer systems by establishing minimum acceptable security practices for federal agencies. The Federal Privacy Act of 1974 protects personal information, and restricts its use by the federal government. The Electronic Communications Privacy Act prohibits the interception and recording of communications except in certain circumstances.

The Health Insurance Portability & Accountability Act of 1996, also known as HIPAA, requires the protection of personal medical information without that person's explicit permission. HITECH, the Health Information Technology for Economic and Clinical Health Act, increased the scope of HIPAA to include all businesses related to the process of health care. The Financial Services Modernization Act of 1999, also known as Gramm-Leach-Bliley or GLB, established clear requirements for the financial industry to protect your information and privacy. US Copyright Law protects intellectual property, restricting use by others to approved use and fair use as specifically defined. Sarbanes-Oxley requires executives of financial services companies to assume direct and personal accountability for the completeness and accuracy of financial reporting and record keeping. The Digital Millennium Copyright Act, also known as DMCA, is a US law passed in response to European Union laws restricting the use of intellectual property and combating copyright infringement. The Payment Card Industry Data Security Standard applies to organizations that accept payment cards or process the data used in payment card transactions. It includes requirements for required practices to secure the data from those transactions for firms that use them.

Deterring unethical behavior uses three tools to protect information: policy, education and training, and technology. Three categories of unethical behavior are usually targeted: ignorance, accident, and intent. Studies have also found that we can deter undesirable behavior through the use of policies and laws, but only if three conditions are present. One, policy violators must fear the penalty. Two, they must expect that they have a higher probability of being caught. And three, they must expect there's a high probability that the penalty will be applied.

Most security organizations in larger organizations are asked to perform or lead the effort to meet external compliance requirements. These efforts take place within the larger framework of professional ethics and an understanding of the legal requirements within which the organization operates.